QinetiQ : Reducing Installation Time for Open Source Threat Intelligence Platform

OpenCTI, an open source Threat Intelligence platform, does not currently support a publically released native cloud deployment strategy that adheres to typical cloud principles. This slows down installations and reduces the flexibility, extensibility and usability of the platform for organisations, forcing them to create their own deployment strategy - a time consuming and costly process.

Backed by the likes of the French National Cyber Security Agency (ANSSI), OpenCTI allows for the creation, ingestion and dissemination of threat information regarding a threat actor's current behaviours, ongoing campaigns against corporate entities and the monitoring of new malware, as well as vulnerabilities, of interest to us and our partners. Taken and analysed together, this data provides a "Threat Landscape" which can inform Cyber Defenders of current threats.

As part of our contributions, we are pleased to release an infrastructure as code (Terraform) deployment of OpenCTI into Amazon Web Services (AWS). This deployment will reduce installation overhead and, we hope, help to drive wider adoption and growth of this tool. The Terraform code can be found at https://github.com/QinetiQ-Cyber-Intelligence/OpenCTI-Terraform.

The platform allows for graphical visualisation along with the ability to perform correlation with other similar events. Content that is ingested from open source and paid threat feeds can be correlated with hand-curated work, providing an even more comprehensive view of threats faced.

With so many organisations and systems relying on the internet, networks and digital infrastructure to provide sometimes life-critical services, it's never been more important to understand the methods and intentions of those determined to disrupt or steal from those organisations. It's a great pleasure to contribute our knowledge and expertise to a freely accessible platform that will ultimately help make the world a safer and more predictable place for all.

If you would like more information about OpenCTI, please contact Luke Ager, Chief Technical Officer, who would be happy to help.